Is Revealing My Phone Number A Breach Of UK GDPR?
By Jo Greenwood. Last Updated 17th January 2024. The UK’s data protection laws give protection to your personal information when it is held or in use by an organisation. Your phone number is part of your personal information.
If an organisation fails to protect your personal information, you could hold them liable for any harm you suffer as a result. Revealing your phone number without a lawful basis to do so, can be a breach of the UK GDPR, and this guide will show you how you could be eligible to make a claim for compensation.
We will talk about data breaches, the UK GDPR, and the protection it gives to your personal data and give you information about compensation and how it is calculated in data breach claims. Our guide discusses the role of a data controller and a data processor and the steps they should take to protect your personal data. We will also explain how you can get in touch with our No Win No Fee solicitors to help you make your claim.
For any information you might need, or questions you want answering about making a data breach compensation claim, you can also speak with one of our advisers. They offer free initial consultations and can even help value your claim and assess if the organisation could be liable. You can reach out to one now by;
- Calling them on 0800 073 8804
- Using our contact us page
- Using the live chat feature
- Is My Phone Number Covered Under UK GDPR?
- What Personal Data Is Not Covered By The UK GDPR?
- Is Revealing My Phone Number A Breach Of UK GDPR?
- What Can I Do If My Phone Number Has Been Revealed?
- How Much Could You Claim For A UK GDPR Breach Of Data?
- Make A No Win No Fee Data Breach Claim
Is My Phone Number Covered Under UK GDPR?
Personal information can broadly be categorised into two categories:
- Information that identifies you: such as your name, address, or date of birth
- Information that relates to you: such as ethnic background, religious affiliation or sexual orientation.
When an organisation records, stores or uses any piece of information about or relating to a person, the information is considered personal data.
The organisation is now considered a data controller and immediately becomes subject to the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA). This is because there are rules for how personal data can be used, revealed or shared.
Data controllers have a responsibility to make sure any personal information they have about you is securely stored, kept confidential and only used appropriately. Data controllers can also be data processors, who are responsible for processing personal data.
Your phone number is your personal information, and if you suffered harm because:
- An organisation revealed your phone number without a valid and lawful reason
- An organisation failed to properly secure your phone number, leading to it being exposed.
You could be eligible to make a claim for compensation for the financial or mental harm that you suffered. If this happened to you, please speak with one of our advisers for information about making a data breach claim.
Is Sharing Someone’s Phone Number Illegal In The UK?
So, is sharing someone’s phone number illegal in the UK?
In short, if an organisation has no lawful basis to share your phone number, they shouldn’t do so. Doing so could be illegal and may see them subject to fines and investigations by the Information Commissioner’s Office. It could also lead to the affected individuals making a data breach claim.
What Personal Data Is Not Covered By The UK GDPR?
The UK GDPR gives protection to personal data and personally sensitive data that relates to a person.
This applies to:
- Data that a person can be directly identified from
- Data that a person can be identified from, when in use with other pieces of information
Personal data that is protected may fit into two categories such as personal information and special category data.
As we have discussed personal data is anything relating to you, the data subject, that can be used to identify you or use in conjunction with other information to identify you. Special category data relates to your health, ethnic origin or your race.
Your phone number directly relates to you and is information you can be directly identified from. It is protected by the UK GDPR and revealing your phone number can be a breach of the UK GDPR.
Is Revealing My Phone Number A Breach Of UK GDPR?
There are instances where revealing your phone number will not be a breach of the UK GDPR. This is because the organisation will have a valid and lawful reason for doing so. The UK GDPR sets out the six lawful bases for sharing information which are:
- Consent: In that you have given them consent to share your phone number
- Contractual Obligation: In that they revealed your number to fulfil a contract they had with you
- Legal Obligations: If they revealed your number to meet a legal obligation
- Vital Interest: If revealing your number was necessary to protect a life
- Public Interest: If it was in the public’s interest to reveal your phone number
- Legitimate Interest: The company has a legitimate and valid reason to share your phone number.
Instances outside of this, or instances that do not properly fulfil the listed basis are instances where revealing your phone number can be a breach of the UK GDPR.
What Can I Do If My Phone Number Has Been Revealed?
The first action you can take after a data breach is to make a written complaint directly to the organisation responsible. It should be written so as to maintain evidence of both sides of the correspondence
Before beginning any legal action, you can also report the organisation to the Information Commissioner’s Office; an independent body in the UK dealing with data protection rights. You should do this within three months of your last meaningful communication with the organisation.
Data breach claims address two types of harm, financial harm (I.e. financial losses) and mental harm (psychological harm, such as stress or anxiety from the breach).
If possible, maintain records of your financial losses and medical records as they can be used as evidence in your claim.
A solicitor can help arrange an independent psychological assessment to produce a report as medical evidence.
If an organisation breached the UK GDPR in revealing your phone number, and this led to you suffering harm please reach out to an adviser for information.
Phone Number Data Breach – How Long Do I Have To Claim?
If you meet the eligibility criteria to make a claim for a phone number data breach, you must also ensure that you start legal proceedings within the relevant time limit. Generally, you will have six years to make a personal data breach claim. However, this time limit is reduced to one year if you are making your claim against a public body.
To see if you could be eligible to make a personal data breach claim if your personal phone numbers were compromised in a breach, you can contact our advisors. They may also connect you with one of our solicitors if you have a strong case.
How Much Could You Claim For A UK GDPR Breach Of Data?
Compensation for a breach of UK data protection laws could be awarded for two types of harm.
The financial losses that you suffer due to a data breach is called material damage. To claim compensation for suffering from material damage you would present evidence of how the exposure of your phone number had affected you financially. For example:
- Your number may have been used fraudulently to steal money from you
- You may have spent money on repair or replacement costs
- You may have lost out on income while trying to address the effects of the breach
You could potentially suffer other forms of financial loss due to a personal data breach; this list is not exhaustive.
Any psychological harm you suffer due to a data breach is called non-material damage. To claim compensation for suffering from non-material damage, you could present evidence of how the breach had affected your mental state.
The table below shows figures from the Judicial College Guidelines, which can be used by legal professionals to help value psychological damage. These figures are not guaranteed but could give you a rough idea of what your non-material damage could look like. Please note that the first entry has not been taken from the JCG.
Injury | Notes | Award |
---|---|---|
Severe Psychological Damage Plus Financial Losses | Multiple instances of severe psychological damage combined with serious financial losses, such as lost earnings. | Up to £150,000+ |
Severe Psychological Damage | Completely harming a person's ability to function in life and carry out relationships | £54,830 to £115,730 |
Moderately Severe Psychological Damage | Symptoms as above but with a better prognosis | £19,070 to £54,830 |
Moderate Psychological Damage | Initial symptoms as above but the claimant is now showing good recovery | £5,860 to £19,070 |
Less Severe Psychological Damage | Daily activities, such as sleep, were affected for a period of time | £1,540 to £5,860 |
Severe PTSD | A severe psychiatric disorder that prevents the person from normal function | £59,860 to £100,670 |
Moderately Severe PTSD | Symptoms as above, but a better prognosis for recovery after receiving professional treatment | £23,150 to £59,860 |
Moderate PTSD | The claimant will be mostly recovered with any remaining symptoms being manageable | £8,180 to £23,150 |
Less Severe PTSD | The claimant will have more or less fully recovered within 2 years | £3,950 to £8,180 |
Previously, you would only be able to make a claim for suffering from non-material damage as part of a claim for suffering from financial losses. This has changed following a decision made in the Court of Appeal case, Vidal-Hall and others v Google Inc (2015). You can now claim for either form of harm separately.
There are several ways that people can be harmed in a data breach, and exposed phone numbers or call logs could potentially result in financial or psychiatric harm. Please reach out to one of our advisers for a free assessment of whether you could claim and information on how to start a claim.
Make A No Win No Fee Data Breach Claim
Now that you know more about making a personal data breach compensation claim, you might be wondering how a solicitor could help.
Our solicitors work on a No Win No Fee basis; this means that, with the help of a Conditional Fee Agreement (a type of No Win No Fee agreement), your solicitor will generally start work on your claim without asking for an upfront payment for their services. Similarly, they won’t ask you to pay for their work as your data breach compensation claim is ongoing. If your personal data breach claim fails, you won’t need to pay for your solicitor’s services.
If your data breach compensation claim succeeds, then your solicitor will take a success fee. This is deducted from your compensation directly and is taken as a small, legally capped percentage. This legal cap helps to make sure that you keep the larger share of what you receive.
Contact Our Team
If you’d like to seek compensation for a personal data breach caused by a breach of the UK GDPR, contact our team. Our advisors can offer more information surrounding the claims process and could potentially connect you with one of our expert No Win No Fee solicitors. Get in touch today by:
- Calling us on 0800 073 8804
- Using our contact us page.
- Using the live chat feature.
Further Helpful Information
Below are some additional links you might find useful such as:
- ICO: A guide to taking your case to court and claiming compensation
- GOV: A guide to your data protection rights
- Action Fraud: A guide to mobile phone fraud scams you should watch out for, if your phone number has been exposed.
Thank you for reading our guide to making a claim against an organisation for a breach of the UK GDPR in revealing your phone number. We offer guides on other topics such as:
- Suing A Company For A Data Breach
- Stolen Phone Data Breach Claims
- Credit Card Data Breach Claims
- A guide to school data breach claims. Learn how to make a claim on behalf of your child if their data was exposed
- To learn more about the recent PSNI data breach and compensation claims associated with it, head here. You can find out what happened, who’s at fault, what to do and potential compensation payouts.
Guide By Charles
Edited By Melissa.